Vulnerabilities > CVE-2022-34392 - Insufficient Session Expiration vulnerability in Dell Supportassist for Home PCS

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

dell

CWE-613

NVD

Published: 2023-02-11

Updated: 2024-11-21

Summary

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Supportassist FOR Home PCS - Dell Supportassist FOR Home PCS 2.0 Dell Supportassist FOR Home PCS 2.0.1 Dell Supportassist FOR Home PCS 2.0.2 Dell Supportassist FOR Home PCS 2.1 Dell Supportassist FOR Home PCS 2.1.1 Dell Supportassist FOR Home PCS 2.1.2 Dell Supportassist FOR Home PCS 2.1.3 Dell Supportassist FOR Home PCS 2.2 Dell Supportassist FOR Home PCS 2.2.1 Dell Supportassist FOR Home PCS 2.2.2 Dell Supportassist FOR Home PCS 2.2.3 Dell Supportassist FOR Home PCS 3.0 Dell Supportassist FOR Home PCS 3.0.1 Dell Supportassist FOR Home PCS 3.0.2 Dell Supportassist FOR Home PCS 3.1 Dell Supportassist FOR Home PCS 3.2 Dell Supportassist FOR Home PCS 3.2.1 Dell Supportassist FOR Home PCS 3.2.2 Dell Supportassist FOR Home PCS 3.3 Dell Supportassist FOR Home PCS 3.3.1 Dell Supportassist FOR Home PCS 3.3.2 Dell Supportassist FOR Home PCS 3.3.3 Dell Supportassist FOR Home PCS 3.4 Dell Supportassist FOR Home PCS 3.4.0 Dell Supportassist FOR Home PCS 3.5.0 Dell Supportassist FOR Home PCS 3.6.0 Dell Supportassist FOR Home PCS 3.7.0 Dell Supportassist FOR Home PCS 3.8.0 Dell Supportassist FOR Home PCS 3.9.0 Dell Supportassist FOR Home PCS 3.10.4 Dell Supportassist FOR Home PCS 3.11.2 Dell Supportassist FOR Home PCS 3.11.4	33

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References